While phishing, reconnaissance scans, social engineering, and other opportunistic attacks still comprise the lion’s share of malicious activity seen by most companies, a growing proportion of attacks are able to evade signature-based defenses.
Cybercriminals using fully undetectable (FUD) services can create variants that are unrecognizable to antivirus programs, and targeted attacks increasingly use custom-built malware designed to tiptoe past the target’s defenses.
To find advanced malware, companies have to look for indicators of compromise that might not initially appear to be connected to a malware infection or each other, says CP Morey, vice president of product marketing at security firm Sourcefire. For example, callbacks to unknown servers along with the installation of an unknown application and high utilization on a machine might not pass the threshold that requires investigation, but together they should set off an alert, he says.
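The multi-indicator correlation Morey describes, as an added example that is not from the article or from Sourcefire: the weights, alert threshold, time window and host events below are constructed assumptions, chosen so that no single indicator reaches the threshold but several distinct weak signals on one host within a window do.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed weights for the weak signals named in the article. Each one alone
# stays below ALERT_THRESHOLD; only a combination of distinct signals alerts.
INDICATOR_WEIGHTS = {
    "callback_unknown_server": 40,
    "unknown_app_installed": 35,
    "high_cpu_utilization": 20,
}
ALERT_THRESHOLD = 60
WINDOW = timedelta(hours=2)

# Constructed sample events (host, ISO timestamp, indicator); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-017", "2024-03-01T09:02:00", "high_cpu_utilization"),
    ("ws-017", "2024-03-01T09:15:00", "unknown_app_installed"),
    ("ws-017", "2024-03-01T09:40:00", "callback_unknown_server"),
    ("ws-042", "2024-03-01T08:00:00", "high_cpu_utilization"),
    ("ws-042", "2024-03-01T13:30:00", "unknown_app_installed"),   # too far apart
    ("ws-099", "2024-03-01T10:00:00", "callback_unknown_server"),
    ("ws-099", "2024-03-01T10:05:00", "callback_unknown_server"),  # same signal twice
]


def correlate(events, weights=INDICATOR_WEIGHTS, threshold=ALERT_THRESHOLD, window=WINDOW):
    """Return {host: (score, sorted distinct indicators)} for every host whose
    distinct indicators inside one sliding window sum to at least `threshold`."""
    by_host = defaultdict(list)
    for host, ts, kind in events:
        by_host[host].append((datetime.fromisoformat(ts), kind))

    alerts = {}
    for host, evs in by_host.items():
        evs.sort()  # chronological, so each event can open a window
        for i, (start, _) in enumerate(evs):
            # Distinct indicator types within `window` of this event. A repeated
            # signal of the same type adds nothing; only different signals stack.
            seen = {k for t, k in evs[i:] if t - start <= window}
            score = sum(weights.get(k, 0) for k in seen)
            if score >= threshold:
                best = alerts.get(host)
                if best is None or score > best[0]:
                    alerts[host] = (score, sorted(seen))
    return alerts
```

Only `ws-017` alerts: its three different signals within 38 minutes score 95, while `ws-042` never has two signals in one window and `ws-099` repeats a single 40-point signal.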
SOURCE: darkreading.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.